package com.future.controller;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.future.enums.StatusCode;
import com.future.po.Role;
import com.future.po.User;
import com.future.service.AuthService;
import com.future.service.RoleService;
import com.future.vo.PasswordVo;
import com.future.vo.ResponseResultVo;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;

@Api(tags = "授权的API接口")
@RestController
@CrossOrigin
@RequestMapping("/auth")
public class AuthController {

    @Autowired
    private AuthService authService;

    @Autowired
    private RoleService roleService;

    @ApiOperation(value = "注册", notes = "根据User对象注册")
    @PostMapping("/register")
    public ResponseResultVo register(@RequestBody User user) {
        authService.regist(user);
        return ResponseResultVo.success();
    }

    @ApiOperation(value = "登录", notes = "根据用户名和密码登录")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "username", value = "用户名", required = true),
            @ApiImplicitParam(name = "password", value = "密码", required = true)
    })
    @PostMapping("/login")
    public ResponseResultVo login(@RequestBody User user, HttpServletResponse response) throws IOException {
        response.setHeader("Access-Control-Allow-Credentials", "true");
        try {
            User resUser = authService.login(user.getUsername(), user.getPassword());
            resUser.setHeadPath(resUser.getHeadPath().replaceAll("C:\\\\images\\\\user\\\\head\\\\", "\\\\photo\\\\user\\\\avatar\\\\"));
            return ResponseResultVo.success(resUser);
        } catch (UnknownAccountException e) {
            return ResponseResultVo.failure(StatusCode.FORBIDDEN, "用户名不存在");
        } catch (IncorrectCredentialsException e) {
            return ResponseResultVo.failure(StatusCode.FORBIDDEN, "密码不正确");
        } catch (AuthenticationException e) {
            return ResponseResultVo.failure(StatusCode.INTERNAL_SERVER_ERROR, "登录失败");
        }
    }

    @ApiOperation(value = "注销", notes = "退出登录")
    @GetMapping("/logout")
    public void logout() {
        authService.logout();
    }

    @ApiOperation(value = "修改密码", notes = "根据Password对象中的用户id、原密码、新密码，修改用户的原密码为新密码")
    @PutMapping
    public ResponseResultVo putPassword(@RequestBody PasswordVo password) {
        if (authService.modifyPassword(password)) {
            return ResponseResultVo.success();
        }
        return ResponseResultVo.failure(StatusCode.FORBIDDEN, "原密码错误");
    }

    @ApiOperation(value = "获取角色列表")
    @GetMapping("/role")
    public ResponseResultVo getRoleList() {
        List<Role> roles = roleService.list();
        return ResponseResultVo.success(roles);
    }

    @ApiOperation(value = "根据用户id获取角色列表")
    @ApiImplicitParam(name = "userId", value = "用户id", required = true)
    @GetMapping("/role/{userId}")
    public ResponseResultVo getRoleListByUserId(@PathVariable("userId") Integer userId) {
        List<Role> roles = roleService.list(new QueryWrapper<Role>().eq("user_id", userId));
        return ResponseResultVo.success(roles);
    }
}
